EU GDPR, Article-by-Article commentary

Indra Spiecker genannt Döhmann heads the Chair of Digitalization Law and the Institute for Digitalization at the University of Cologne since 2024. Previously, she was professor of public law, information law, environmental law and legal theory at the Faculty of Law at Frankfurt‘s Goethe University. Since 2018, she has been Director of Esys (Energy Systems of the Future), the initiative of the science academies for a sustainable, secure, and affordable energy supply. She is senior member of Germany‘s IT-securiy competence center Kastel. Ms. Spiecker has been the second lawyer to be elected to Germany‘s National Academy of Technology Sciences.

Vagelis Papakonstantinou is a Professor on Personal Data Protection Law at the Faculty of Law & Criminology of the Free University of Brussels (VUB, Vrije Universiteit Brussel), focusing also on Cybersecurity, Intellectual Property, and the broader topic of technology regulation. He is the director of VUB's Cyber and Data Security Lab (CDSL), as well as, a core member of VUB’s Research Group on Law Science Technology & Society (LSTS) and the Brussels Privacy Hub.

Prof. De Hert is a full professor at VUB, where he currently teaches Criminal Law, and an assistant-professor at the University of Tilburg, where he teaches a course about Privacy and Data Protection. His research interests are focused on privacy & technology and criminal law. His work testifies of a human rights approach with a concern for theory. At VUB, he is Director of the research group on human rights (FRC), Vice-Dean of the Faculty of Law and Head of the Department of Interdisciplinary Studies of Law. In the past he directed the Research group Law Science Technology & Society (LSTS). He is a board member of a number of leading international law reviews such as The Computer Law & Security Review (Elsevier), The Inter-American and European Human Rights Journal (Intersentia), and Criminal Law & Philosophy (Springer). He is also co-editor in chief of several series relating to his areas of specialisation.

Gerrit Hornung is Professor of Public Law, IT Law and Environmental Law at the University of Kassel, and Director of its Interdisciplinary Research Center for Information System Design. His research interests cover the public law aspects of the information society, the law of electronic government, as well as legal issues of data protection, IT security, and new surveillance technologies.

Jan Philipp Albrecht is a politician of the Greens-European Free Alliance. From 2018 to 2022, he has been serving as Minister of Energy, Agriculture, the Environment, Nature and Digitalization of Schleswig- Holstein. He has been a board member of the Heinrich Böll Foundation since June 2022. He was the rapporteur of the European Parliament foe the EU's General Data Protection Regulation as well as for the EU-US  data protection framework agreement.

Marco Almada is a researcher at the European University Institute of Florence, where he is pursuing a PhD in the regulation of artificial intelligence. Before starting his doctoral research, he obtained degrees in law from the University of São Paulo and computing from the University of Campinas. He has published on law and digital technologies, with particular attention to theoretical issues and the legal frameworks for personal data protection and artificial intelligence in Brazil and the European Union.

Jens Ambrock is head of department at the Hamburg Commissioner for Data Protection and Freedom of Information. In this position as a GDPR regulator, he haw been a rapporteur at the EDPB for several guidelines. He leads the Schrems II Taskforce coordinating the enforcement of the multiple German supervisory authorities concerning international data transfers . In addition, Dr. Ambrock is a lecturer for data protection law at Kiel University.

Sebastian Bretthauer is a senior research assistant and postdoc at the Chair for Administrative Law, Information Law, Environmental Law and Legal Theory of Prof. Dr. Intra Spiecker gen. Döhmann, LL.M and project leader at the Research Center for Data Protection at Goethe- University Frankfurt. His research interests are especially in data protection law, where he has contributed as an author to numerous publications.

Laura Carmichael LLB (Hons), MSc (Dist.), PhD is an interdisciplinary Research  Fellow within the IT Innovation Centre, Scholl of Electronics and Computer Science, University of Southampton. She has a degree in law, LLB (Hons), and a MSc (Dist.,) and PhD in Web Science. She has been involved in various interdisciplinary research projects related to data sharing and re-usage, including the EU-funded Data Pitch open innovation programme. She is currently working as part of the Social Data Foundation initiative, and the PETRAS Data Sharing Foundation (PETRAS- DSF) project: Building a Trustworthy Data Sharing Ecology for IoT Data Assets.

(LLB, LLM, MSc, PhD) is an academic and practitioner in the fields of Law, Computer Science and Web Science, with keen focus on Privacy. Dr. Cradock received her interdisciplinary PhD from the University of Southampton in 2022 with her thesis entitled 'A New Approach to Categorising Personal Data to Increase Transparency Under the Obligation to Inform'. The thesis focused on what privacy laws can learn from Computer and Information Science Models, to increase the transparency of personal data processing. Dr Cradock currently works with commercial companies to apply her research and guides them in their compliance with other global privacy laws.

Dr. Dix, LL.M. (Lond.) is Vice-Chair of the European Academy for Freedom of Information and Data Protection in Berlin. From 1998 to 2005 he was Commissioner  for Data Protection and Freedom of Information. From 1998 to 2005 he was Commissioner for Data Protection and Access to Information in Brandenburg. He was then elected as Berlin Commissioner for Data Protection and Freedom of Information, a post which he held until January 2016. From 2005 to 2015 he chaired the International Working Group on Data Protection in Telecommunications (also known as “Berlin Group”) and represented the German Länder in the Art. 29 Working Party of European Data Protection Authorities. He was  a member of the Expert Group on Governance of Data and AI in the UN Global Pulse Project. Dr. Dix has published extensively on transborder data flows, privacy in global networks and freedom of information.

Dr. Stefan Drewes is an attorney based in Bonn/Germany. He has more than 20 years of professional experience in advising companies on all matters related to data protection law an has been working since 2002 as a  data protection officer for several companies. He regularly gives lectures on data protection law topics and has contributed numerous publications in his specialised field.

Jos Dumortier studied law in Leuven, Nancy and Heidelberg between 1968 and 1975, obtained his PhD in 1981 and studies Information Science an the Université Libre in Brussels between 1981 and 1983. He has been a full professor of law at KU Leuven between 1987 and 2014. In 1990 he was the founder of the Interdisciplinary Centre foe Law and Information  Technology (currently 'CITIP') of which he acted as the director  until 2014. Today, Prof. Dumortier is a member of the Bar of Brussels as founding partner of Timelex, a law firm specialised in information technology and data protection law.

Domingos Farinho is an Assistant Professor at the University of Lisbon School of Law. His main areas of research are Administrative Law , Fundamental Rights, and Legal Theory. He has been especially interested in fundamental rights in the context of Public Administrations and Cyberspace. He haw coordinated and participated in several courses regarding Data Protection, the GDPR and access to State-held information. He has  written extensively on these topics.

Pieter Gryffroy works as a lawyer for Timelex, a Brussels-based law firm specialized in matching law and technology. In that capacity Pieter works with the GDPR on a daily basis, in particular in the context of implementing EU-funded research projects. Before joining Timelex, he worked as an academic researcher in the field of data of data protection law for the Europa-Institut at Saarland University, Germany.

András Jóri, PhD, attorney-at-law, served as Parliamentary   Commissioner for Data Protection and Freedom of Information of Hungary from 2008 to 2011. Before and after his mandate, Dr Jóri worked as an attorney, advising his clients on data privacy and IT law; he also did extensive regulatory work, advising the state and industry groups on many fields of IT and data protection law, as well as e-commerce, e-signatures, e-archiving, and e-procurement.  He has published widely about data privacy in Hungary and abroad, and wrote the first commentary on data protection law in Hungary.  As a
honorary associate professor, he has been teaching data protection law at the University of Pécs since 2006.

Dr. Irene Kamara is Assistant Professor Cybercrime Law and Human Rights at the Tilburg Institute for Law, Technology, and Society in The Netherlands, Transatlantic Technology Law Forum Fellow at Stanford University, and affiliate researcher at the Vrije Universiteit Brussel in Belgium. Her research focuses on cybercrime and cybersecurity law, and the role of private regulation in the protection of fundamental rights, and in particular the right to protection of personal data, the right to private life, and non -discrimination.

Dr. Moritz Karg is head of the department of E-Government and Digitization in the State Chancellery of Schleswig-Holstein in Kiel. He worked for over 15 years for the supervisory authorities of Schleswig-Holstein and Hamburg with the focus on social media and telecommunications. Currently he is responsible for the digitization of public administration in Schleswig-Holstein. He has published on various topics related to data protection in the social media area and the activities of the supervisory authorities.

Juliano Maranhão has more than 20 years of experience in the areas of antitrust, regulatory, administrative and digital law, with an emphasis on artificial intelligence and data protection. He is currently an associate professor at the University of São Paulo (Universidade de São Paulo) Law School, president of Lawgorithm Institute for Artificial Intelligence (Instituto Lawgorithm de Inteligência Artificial), member of the Steering Committee of the International Association for Artificial Intelligence and Law and officer of the Legal Grounds Institute.

Hans-W. Micklitz is Professor for Economic Law, Robert Schuman Centre for Advanced Studies, European University Institute, Florence and Finland Distinguished Professor at the University of Helsinki. His research interest focus on Private Law, European and International Economic Law, Private Law Theory.

Dr. Evangelia Papadaki is a Legal Consultant in the field of cyber security and data protection. The interplay between law and technology has been her main research area of interest. Both her work and postgraduate studies focus on the legal issues arising from the use of technologies, and more specific, on the regulatory challenges posed by technological advances to cyber security and the protection of personal data. She is a certified Data Protection Officer. Her studies include an LL.B., an LL.M. in Cyberlaw, a MSc in Web Science and a PhD in Web Science.

Cristina Pauner Chulvi is a Professor of Constitutional Law at the Universitat Jaume I of Castellón. She has made several research stays at European universities (Sorbonne University-Paris, Rome III University, London School of Economics and University of Oxford). She has completed various specialized courses on human rights in the International Institute of Human Rights (Strasbourg) and the Diploma of Specialization in Constitutional Law and Political Science at the Centre for Political and Constitutional Studies (Madrid).

Artemi Rallo Lombarte is a Constitutional Law Full Professor at the Jaume I University in Spain. He has served, among others, as Senator and Deputy of Spain, as well as, as Director of the Data Protection Spanish Agency. He has performed research activity at international centres such as the International Human Rights Institute(Strasbourg), La Sapienza University (Rome), Paris I-Pantheòn-Sorbonne University and Montreal University. He is the author of numerous monographs, collective books and scientific articles in specialised national and international reviews. Graduate in Law with Extraordinary Prize Honours (1988) and Doctor in Law at the University of Valencia (1990).

Judith Rauhofer is a Senior Lecturer in IT Law at the University of Edinburgh.
She holds professional legal qualifications in Germany (Rechtsanwalt) and England (Solicitor). Her research interests include all areas of data protection, online privacy, data justice, electronic surveillance and technology law. Judith is a co-author of the Commonwealth Model Provisions on Data Protection.

Dr. Philipp Richter works as a legal officer for the Data Protection and Freedom of Information Commissioner of Rhineland-Palatinate (Germany). He has been publishing in the field of data protection for over ten years, especially with regard to the GDPR and its introduction. His main field of work nowadays are data protection in internet services, especially websites and social media as well as basic matters of GDPR interpretation and cooperation of the EU-Data protection authorities. He is also the host of his authority's official Podcast"Datenfunk".

Prof. Dr. Alexander Roßnagel is the Hessian Commissioner for Data Protection and Freedom of Information since 2021. He is also a senior professor of public law with a focus on the law of technology and environmental protection at the University of Kassel. He heads the "Project Group for Constitutionally Compatible Technology Design (provet)" and is director of the Scientific Center for Information Technology Design (ITeG).

Giovanni Sartor is professor in Legal Informatics at the University of Bologna, and professor in Legal informatics and Legal Theory at the European University Institute of Florence.  He coordinates the CIRSFID-AI for Law and Governance unit at the Alma-AI research center of the University of Bologna. He holds the ERC-advanced grant (2018) for the project Compulaw (2019 – 2025). He has published widely in legal philosophy, computational logic, and computer law, AI & law. He is co-director of the Artificial Intelligence and Law Journal and co-editor of the Ratio Juris Journal.  His research interests
include legal theory, early modern legal philosophy, logic,argumentation theory, modal and deontic logics, logic programming, multiagent systems, computer and Internet law, data protection, e-commerce, law and technology.

Burkhard Schafer is Professor for Computational Legal Theory at the University of Edinburgh where he was for many years also the director of the SCRIPT Centre for IT and IP Law.  He joined Edinburgh in 1996, after having studied Theory of  Science, Logic, Theoretical Linguistics, Philosophy and Law at the Universities of Mainz, Munich, Florence and Lancaster . His interest is the interaction between law, science and computer technology from doctrinal, comparative and legal-theoretical perspectives. He
served as member of the government expert group “Ethical Digital Scotland” and the ethics advisory group of the UK Cabinet Office. He is currently the convenor of the “Legal Services Industry” working group of AI4People and member of the accreditation committee for legal technologists of the Law Society of Scotland”.

Dr. Peter Schantz is Head of the Directorate General “Policy Planning & Communication” at the German Federal Ministry of Justice. As member of the Ministry’s data protection law unit he followed closely the negotiations on the GDPR and is author of numerous publications on data protection law. Before joining the German Federal Ministry of Justice, he worked as a lawyer in an international law firm and was involved in several privacy-related cases before the German Federal Constitutional Court.

Prof. Dr. Stephanie Schiedermair holds the Chair for European Law, Public International Law and German Public Law at Leipzig University.  She is Director of the
university´s International Law Institute and coordinates the foreign affairs of the law faculty. Her research focuses on international and European media and data protection law (Right to be forgotten, GDPR, Artificial Intelligence) and on general questions concerning the interaction of international,  European and  national law.  Research stays led her to Yale and Monash University.    She is a regular speaker at international and national conferences  and a member of the German Commission for the Determination and Review of the Financial Requirements of Public Broadcasting in Germany.

Achim Seifert, Dr. jur., is Professor of Private Law, German and European Labour Law and Comparative Law at the Friedrich-Schiller-University of Jena (since 2011). He previously taught European and International Labour Law at the University of Luxembourg. His fields of research are European as well as International Labour Law and specifically employee data protection law and employee participation in company boards. He is a member of the editorial Board of the European Labour Law Journal and the Comparative Labor Law & Policy Journal.

Prof. Dr. Dr. h.c. mult. Spiros Simitis († 2023) was Professor emeritus on Labor Law, Civil Law and Legal Informatics, Goethe University Frankfurt/Main, Germany. Numerous publications in the fields of Civil Law, Labor Law, Liability Law, Child Care Law, Legal Theory and Data Protection Law, often with interdisciplinary approaches.
He was the founder of the Data Protection Research Institute thereof. Former Chief Data Protection Authority of Hessia. Honorary Member of the Deutscher Juristentag. Chair of the Expert Commission on Data Protection of the European Council. Advisor of the EU Commission; Commission's High-Level Expert Commission on the Charter of Fundamental Rights; Chair of the German National Ethics Commission. Honorary Doctor of several universities;Bundesverdienstkreuz 1st Class, Officer of the French Legion of Honour, University of Berkeley-California’s Chancellor’s Citation. He also edited the leading commentaries on the DPD and German data protection law.

Dr. Eva Souhrada-Kirchmayer is a judge at the Federal Administrative Court in Austria, where she mainly deals with data protection cases. She worked for many years in leading positions in the field of data protection in the Prime Minister’s Office and in the Austrian Data Protection Commission. She gives lectures on data protection law topics and regularly writes publications in this field.

Sophie Stalla-Bourdillon is Professor in IT law at VUB and the Privacy Hub and Principal Legal Engineer at Immuta Research. She is also a visiting professor at the University of Southampton Law School of law, where she held the chair in IT law
and Data Governance until 2022. Sophie is the author and co-author of several legal articles, chapters and books on data protection and privacy. She has also served as a legal and data privacy expert for the European Commission, the Council of Europe, the Organisation for the Cooperation and Security in Europe, and for the Organisation for Economic Cooperation and Development.

Olivia Tambou is a professor at the Université Paris-Dauphine, PSL Research University since 2007 and External Scientific Fellow at the Max Planck Institute Luxembourg for International, European and Regulatory Procedural Law in Luxembourg. She is also the founder-editor of blogdroiteuropeen. Olivia Tambou is the author of nearly 50 publications in French, English and Spanish mainly on data protection law including her Manuel de droit européen des données, Ed. Bruylant collection Droit administratif européen matériel, Bruylant 2020).

Niko Tsakalakis is a former Senior Research Fellow at the University of Southampton, where he conducted research into data protection by design for emerging technologies. He holds a PhD on data protection for electronic identification, and has worked as a legal engineer for eIDAS-compliant services, AI decision-making, and Mobility-asa-Service systems. Since 2023 he has joined the Council of the European Union as a permanent official in data protection.

Jorge Viguri Cordero is Contracted Lecturer (holder of a PhD) in Constitutional Law at Universitat Jaume I. Law Degree (2010-2014), Master's degree in Law (2014-2016). He has been a researcher in the EU projects CRISP (Evaluation and Certification Schemes for Security Products) and Phaedra II (Improving Practical and Helpful Cooperation between Data Protection Authorities) between 2014 and 2017, both funded by the European Commission. Predoctoral researcher financed by Generalitat Valenciana (under the program VALi+D, co-financed by the European Social Fund) for the realisation of his doctoral thesis (2017-2020) and postdoctoral researcher at UJI (2021). His research lines include the right to protection of personal data, the right
to international protection, and transparency. He wrote the book “Security and Data Protection in the Common European Asylum System” (Tirant lo Blanch, 2020) and over
twenty articles in various Scientific Journals, as well as book chapters.